/**
 * 2009-9-21 下午10:16:57 
 * esignature
 * com.smc.server.impl
 * TokenServerImpl
 */
package com.smc.security;
 
import org.aopalliance.intercept.MethodInvocation;
import org.apache.log4j.Logger;
import org.apache.struts2.ServletActionContext;

import com.smc.common.constants.AuthorityConstant;
import com.smc.common.constants.ResourceConstant;
import com.smc.common.constants.RoleConstant;

/**
 * @author chenheng
 * @version 0.0.1
 * 用户令牌安全拦截器实现。具体文档参见相关接口。
 */
public class TokenSecurityInterceptor extends AbstractTokenSecurityInterceptor {
	//private HttpServletRequest request = ServletActionContext.getRequest() ;
	public Object invoke(MethodInvocation method) throws Throwable {
		Logger logger = Logger.getLogger(TokenSecurityInterceptor.class);
		String[] methodElements = method.getMethod().getName().split("_");
		logger.info(method.getMethod().getName() + "will be invoked:");
		logger.info("Begin verify the invoker's role:");
		boolean roleToken = auditRoleToken(methodElements[1]);
		if ( ! roleToken ) {
			logger.error("The invoker role verify failed , invoke stop:");
			return null ;
		} else {
			logger.info("The invoker role verify succeed , begin verify the invoker's resource: ");
			boolean resourceToken = auditResourceToken(methodElements[2]);
			if ( ! resourceToken ) {
				logger.error("The invoker resource verify failed, invoke stop : ");
				return null ;
			} else {
				logger.info("The invoker resource verify succeed , begin verify the invoker's authority :");
				boolean authorityToken = auditAuthorityToken(methodElements[3]);
				if ( ! authorityToken ) {
					logger.error("The invoker authority verify failed, invoke stop :");
					return null ;
				} else {
					logger.info("Verify succeed , the method will invoke :");
					Object result = method.proceed();
					logger.info("Method invoke end .");
					return result ;
				}
			}
		}
	}
	@Override
	public boolean auditAuthorityToken(String authority) {
		int AUTHORITY = 0 ;
		if ( authority.equals("IG")) {
			return true ;
		} else if ( authority.equals("SA")) {
			AUTHORITY = AuthorityConstant.AUTH_SAVE;
		} else if ( authority.equals("RE")) {
			AUTHORITY = AuthorityConstant.AUTH_REMOVE;
		} else if ( authority.equals("FE")) {
			AUTHORITY = AuthorityConstant.AUTH_FETCH ;
		} else if ( authority.equals("UP")) {
			AUTHORITY = AuthorityConstant.AUTH_UPDATE;
		} else if ( authority.equals("SI")) {
			AUTHORITY = AuthorityConstant.AUTH_SIGN ;
		}
		for ( GrantedAuthority ga : SecurityContextHolder.getAuthentication(ServletActionContext.getRequest().getSession()).getAuthorities()) {
			if ( (ga.getAuthority().getAuthority() & AUTHORITY) > 0 ) {
				return true ;
			}
		}
		return false;
	}
	@Override
	public boolean auditResourceToken(String resource) {
		int RESOURCE = 0 ;
		if ( resource.equals("IG")) {
			return true ;
		} else if (resource.equals("DO")) {
			RESOURCE = ResourceConstant.RES_DOCUMENT ;
		} else if ( resource.equals("HO")) {
			RESOURCE = ResourceConstant.RES_HOSPITAL;
		} else if ( resource.equals("ME")) {
			RESOURCE = ResourceConstant.RES_MESSAGE;
		} else if ( resource.equals("NE")) {
			RESOURCE = ResourceConstant.RES_NEWS ;
		} else if ( resource.equals("US")) {
			RESOURCE = ResourceConstant.RES_USER ;
		} else if ( resource.equals("AU")) {
			RESOURCE = ResourceConstant.RES_AUTHENTICATION ;
		} else if ( resource.equals("CE")) {
			RESOURCE = ResourceConstant.RES_CERTIFICATION;
		}
		for ( GrantedAuthority ga : SecurityContextHolder.getAuthentication(ServletActionContext.getRequest().getSession()).getAuthorities()) {
			if ( (ga.getAuthority().getResource() & RESOURCE) > 0 ) {
				return true ;
			}
		}
		return false;
	}
	@Override
	public boolean auditRoleToken(String role) {
		int ROLE = 0 ;
		if ( role.equals("IG")) {
			return true ;
		} else if ( role.equals("AD")) {
			ROLE = RoleConstant.ROLE_ADMIN;
		} else if ( role.equals("HO")) {
			ROLE = RoleConstant.ROLE_HOSPITAL;
		} else if ( role.equals("OP")) {
			ROLE = RoleConstant.ROLE_OPERATE;
		} else if ( role.equals("US")) {
			ROLE = RoleConstant.ROLE_USER;
		}
		for (GrantedAuthority ga : SecurityContextHolder.getAuthentication(ServletActionContext.getRequest().getSession()).getAuthorities()) {
			if ( (ga.getAuthority().getRole() & ROLE) > 0 ) {
				return true ;
			}
		}
		return false;
	}
}
